The market value of console hacks

In a previous article, I claimed that modern consoles can probably only be hacked by companies, or more generally by people who can invest a relevant amount of money into R&D, then expect a significant return on investment.

Some people contacted me to ask if this is why some hackers in the PSP/Vita/PS3 scene request donations for their work. After seeing a few similar questions in my mailbox, I concluded that a clarification was needed: when I said the people behind the hacks expect a return on investment, I did not mean the couple hundred bucks that a “donate” button would typically give a hobbyist hacker on the PSP scene. I meant thousands of dollars, possibly hundreds of thousands, actually.

In order to give precise replies to the people who contacted me, I looked for the answer to a simple question: what is the actual market value of a console exploit? In other words, if somebody found an exploit today for, say, the PS Vita, and contacted the right people, how much could that person sell it for? As you can guess, this is a very difficult thing to calculate. There are not many data points, and they are all very fuzzy.

Zooming out: the Global Zero-day vulnerability market

There is more visible data outside of the console world: the price range of weaponized exploits covers a huge spectrum, but the recent Pwn2Own contest, for example, had prizes between $60’000 and $100’000 for exploits in the latest versions of major browsers (Chrome, IE, Firefox, Safari).

As an anecdote, famous iPhone and PS3 hacker Geohot scored $70’000 at Pwn2Own this year, for hacking Adobe Reader.

Interestingly, it seems nobody tried to actually get the prize for Safari on OSX, and some security researchers claim that such an exploit, most likely compatible with iOS, could probably sell for up to $600’000 on the black market (people who complained about the “greediness” of the evasi0n team – who according to some people tried to make as much money as possible through donations and advertising as they released the latest iOS jailbreak – should put that number in perspective). That number is a bit random, though; an accepted “lowest value” for an iOS exploit on the black market seems to be around $250’000.

Looking at other sources, it is clear that zero-day vulnerabilities are a profitable market. Numbers from a Forbes article claim that an exploit could sell for anywhere between $5’000 and $250’000. That was a year ago, and the prices have probably increased since, in particular for an OS as popular as iOS.

(Forbes 2012)

Of course, there is a lot of variation (not to mention that the nature of this business makes it difficult to have accurate estimates): not all exploits are the same. The number of potential “targets” (number of users of the OS or piece of software), the rarity of exploits for a given platform, and so on all need to be taken into account.

But what about gaming console exploits?

Zooming back in: consoles

Gaming consoles are a different story. A “buyer” for a console exploit would probably not try to hack the users’ consoles without them knowing, but instead try to monetize it by selling a downgrader, a Custom Firmware, or a modchip. It’s basically a “reversed” situation, where the users actually want the hack to happen (well, that’s similar to an iPhone jailbreak, but I am willing to bet that the people ready to pay $250’000 for an iOS exploit wouldn’t do it to work on a jailbreak).

I couldn’t find any public figures for the market of modchips, but one of the most recent examples I can think of was the PS3’s True Blue dongle.

I might share detailed numbers in another article, but I estimate that the group of people behind True Blue (and its clones) made somewhere between $500’000 and $1’000’000 of profit selling their dongles (this is pure profit after removing the resellers/affiliates margin, the dev’s share, operational costs and marketing costs. All included, I estimate the whole business around True Blue and its clones is somewhere between $2’000’000 and $5’000’000).

The “value” in the True Blue dongle wasn’t the dongle itself. It was the underlying exploits (not made by the people behind TrueBlue) that allowed it to run unsigned games, and the way the people working on True Blue managed to acquire such unsigned games when nobody else could.

There’s a lot of speculation here already, but given the margins involved, I claim that if an exploit hadn’t been available already, the people behind True Blue would have easily paid $50’000 for one (I am talking of a fully working one here, not just a proof of concept), that is, 10% of their profit.

How much would a Vita hack cost?

How about the Vita then? Well, at this point of my research, there are already too many unknowns on many levels for me to come up with any estimate that I would be comfortable being quoted on. But, assuming a situation similar to that of True Blue (some people have a way to monetize a potential exploit), and keeping in mind that the Vita, so far, has sold fewer than 5 million units (compared to 70 million PS3 sold), I would probably revise the numbers to something a bit under $10’000.

I keep mentioning a market that is worth millions of dollars with the True Blue example (and I am assuming other modchips have a similar market), so why does it get as “low” as a few thousand bucks for a full Vita exploit? Well, I think what people really pay for in this black market is more the pirated content, and less the way to enable it in the first place. In other words, I don’t think a large number of people would “buy” a CFW (or an exploit) that doesn’t come with a way to play pirated games. This is why in my estimates, the “non paid” exploit for TrueBlue represents 10% of the profit, while their secret to acquire pirated games represents 90%.

Overall, with so few users for now, the Vita is probably not a good target for these companies… but I might be wrong, and I’m sure the modchip industry is already crunching numbers to see if it is worth “investing” in the Vita…

My point, however, remains the same: although it might not be as lucrative as browser/OS vulnerabilities, the market of console modchips and game piracy around a single hack/modchip easily adds up to millions of dollars, and cannot be compared to the pocket money some hobbyist hackers get when they ask for a donation.


wololo


Can you clarify where the “cheap excuse” is? (edit: or maybe you’re talking of the previous article. Have you actually read it? I believe I made a few good points!) I’m not saying people shouldn’t try to hack, I’m just explaining how much money lies behind the shady business of modchips.

Also not sure who you categorize in “youth”, I personally am getting further away from half the progress bar of life every day…

You clearly did good work in keeping calm and answering my harsh statement with clear words.

It was more of a test to see what kind of a person “a hacker” is.

And you are absolutely right about the complex aspect which hacking brings with itself.

Yet there is always that revolutionary thought, that there is this one idea, this one theory, that might lead in solving these “hardcore” devices without a huge amount of money. But that doesn’t seem to be the case right now.

@hippyherpes I like to believe I used to be one of the ok PSP hackers. Not one of the great ones, but a hacker nonetheless. Life has decided that I don’t have the time to spend on it anymore, but it doesn’t mean I don’t know what I am talking about. Remind me which projects of the Vita scene you worked on?

As far as the “sponsor” part goes, I am proud to have donated for pretty much every vhbl or ecfw out so far, despite not necessarily using all of these. So yeah, I guess in a way I am a sponsor.

Wololo, you write so many awesome articles. Whenever I visit this site, I read all your articles first and then any other if they seem interesting. But most of the people visiting this site are not even interested in them. They probably don’t even read them completely, and as you can see from the comments section of any post by you, >90% of the comments are nonsense or spam or trolls or ‘screw this I want the exploit’. I don’t even have a Vita (have a PSP though :D) and I still visit your blog for all your interesting articles. But I feel bad that most of the people reading this don’t even understand it.

I beg to differ. I read every single word from all the blog posts here! Although sometimes I’m not very familiar with technical terms (or some sentences as English is not my native language), I still find it very interesting to get to know more about them! =)

Hate to admit it, I’m also looking forward to seeing new exploits, but the blog posts here at least keep me entertained for now. =D

Maybe the hackers are going about this the wrong way? I don’t have very much experience in the console hacking world but I was involved a while back with the Wii and I know a good bit about reverse engineering and such. If I was handed a mysterious, functioning piece of technology and told to figure out how it worked and how we could utilize it, the first thing I would do would be open it up and investigate the hardware. Extract each recognizable memory chip, dump them. Anything I didn’t recognize I would begin to track down and figure out who makes it and what it does. I would think that ought to get enough information to begin searching for usable exploits.

I expect someone has already done this, but if not, maybe someone will get some inspiration from my thoughts.

If 5 million devices will be sold, say 4 million are used only 1 million will pirate them if anyone has done an exploit with user name and password and is required only ridiculously priced $1 and all would get 1 million, I would pay for a hack that works 30-40 dollars if a can updated whenever I want, sorry for my English, I use google translation

You mean more like doing a device like the Supercard was made for Nintendo DS for playing roms. Not donations. Market for building a device for Vita that could load up iso and homebrews like they did with DS and I believe 3DS.

Sounds like that Vita is not a good target just because the market is too small.

It’s so ironic that PSP became a popular console in China after piracy appeared. It is not so difficult for people in China (even in Taiwan, BTW I live in Taiwan) to afford a console. They feel, however, the game is too expensive.

This phenomenon also applies to the iOS side. They are willing to buy a phone for about 600 USD, but don’t want to pay 1 USD for an app.

So people are poor, and are going out to buy PS3, 360, Wii and games for it. Then they go and buy handhelds like 3DS, VITA, etc and then complain about how there is a depression and everything is too expensive?

B*tch, please. If you can’t afford all of that sh*t in the first place, why are you buying it?

You should mind what you say in your posts, because it makes you seem very, very dumb.
